Browser Plugins : The Biggest Security Threat on the Web

Browser plugins are on their way out these days. Most of the plugins that web page can have advantage like Oracle’s Java, Adobe Flash and Adobe Reader has now became a browser’s security problem. As we have observed that Flash is no long continued for Android, Apple’s iOS has never ever supported these plugins and most important the new version of IE (Windows 8) does not support most of the plugins. Chrome is going to block traditional NPAPI browser plugins. Here I will let you know what you can do to secure your web browser. Read the entire post and solve your browser’s issues.

Browser plugins were very important at the time of their creation. For several years, browser development for most common website users had idled. The very slow browser development created a very big opportunity for plugins in the field of development. Adobe’s Flash player had expanded to include its support for animation, video playbacks as well in other features. Microsoft Flash competitor was developed as a Silverlight which is released in 2007 to provide animation support and to provide streaming media.


Image Source:

There are many other plugins which are created merely to fill all the holes in the web browsers. The Utility plugins furnished in 3D graphics support, the video plugins and Google voice gives Talk services and Google’s Hangouts services to provide accessibility to webcam’s and system’s microphones. Before IE 6 stagnated so poorly, web browser plugins were used mainly to add features to that the browser themselves does not have itself. You must have remembered while playing any online video, you are being presented or asked to choose QuickTime, RealPlayer or the Windows Media Player to play any video. These are the three incompatible plugins which was no build for the web bowsers to play for video playback.

Reasons Why Browsers Plugins Have Proven Big Problem for Browsers

Browser plugins have verified to be a big issue for the web. Here are some common reasons behind this statement.

No Sandboxing: Security issues are made worse due to the fact that tradional plugins were written using ActiveX or Netscape Plugin Application Programming Interface (NPAPI) can’t be sandboxed. They have the complete access to the whole user account and its respective operating system authorization. Chrome’s new PPAPI (Pepper API) sndbox plugins and the latest version of Flash for Chrome uses this Pepper API instead of using NPAPI.

Security and Protection: These plugins have been proven to insecure than the web browsers itself and most worse is that Java and Flash players are considered as biggest attack vectors on the web these days. It is a fact that almost everyone has some Java or Flash player plugins, no matter which OS or browsers they are using. This means that the attack on plugins should work over every operating system and browser.

Cross Platform Issue: Plugins are mainly created by a single vendor which basically means that there is only one or single implementation and it mainly runs on the vendor’s based platforms. Let’s say you need to play any Flash games on your iPad and just because your Adobe Flash player doesn’t run on iIOS. In the upper mentioned cases, Apple developers or Linux developers are unable to write their own support for Flash or Silverlight. Its not an open standard where you are allowed to have multiple implementation which is implemented by different people.


How Browser’s Plugins are being Replaced

In the starting days of web, plugins are enabled for features to be developed in complete and parallel in order to witness all the different video playback plug ins. In addition, they even allow third parties to add new page features when the web browser development idled. We have now reached in a much competitive environment of web standards and rapid browser development. Now we have war between a variety of browsers and even Microsoft is making its move to adhere web standards in a way they have never done till now.

Most of the implemented browser’s plugins are now being added in the form of inbuld browser’s features. Numerous plugins are already used or added as its inbuild feature and many are still in development. Below we have discussed what’s now replacing the most popular plug-ins.

Java: Java applets have already proven as in-secure. Java mainly povides a way of adding entire programs on the web pages and this doesn’t worked out well.

Flash: Flash is used for numerous things including animations and video playback. Flash has been already phrased out for the purpose of video playback by HTML5 videos, as other sites like youtube are using more HTML5 videos instead of using Flash.

Silverlight: Silverlinght is only used for video playback only for few sites. Netfiix which was considered as the biggest user of Silverlight is also moving to HTML5 for video playback.

Google Earth Plugins: Google Earth Plugins has already replaced. You can now easily view a complete 3D earth scene in Google Map by using WebGL.

Unity 3D: This very plugin enable you to embed 3D games on your web pages. 3D graphics are now possible without any plugins by using WebGL.

Google Video and Voices: Google Video and Voice plugins is still required for Gtalk calls and Hangouts. It will be replaced soon by WebRTC standard for plugins for free video and real time audio communications.


We will end up with more security and privacy as browser’s plugins being rolled into browser’s themselves. In starting, they were very useful but as time passes we are moving ahead and browser’s plugins are their way out. Flash plugins will be with us for longer time as this plugins is still in wide use. Even this very plugin is becoming less relevant due to mobile platform which is without flash support.

You may also like...

Add a Comment

Your email address will not be published. Required fields are marked *